A. Only the internal operation of a system is known to the tester.B. The internal operation of a system is completely known to the tester.C. The internal operation of a system is only partly accessible to the tester.D. Only the external operation of a system is accessible to the tester.

QUESTION 14This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.Which of the following tools is being described?

A. wificrackerB. AirguardC. WLAN-crackD. Aircrack-ng

Answer: D

QUESTION 15The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110:

QUESTION 17Bob, your senior colleague, has sent you a mail regarding aa deal with one of the clients. You are requested to accept the offer and you oblige.After 2 days, Bob denies that he had ever sent a mail.What do you want to “know” to prove yourself that it was Bob who had send a mail?

A. ConfidentialityB. IntegrityC. Non-RepudiationD. Authentication

Answer: C

QUESTION 18What is attempting an injection attack on a web server based on responses to True/False questions called?

A. DMS-specific SQLiB. Compound SQLiC. Blind SQLiD. Classic SQLi

Answer: C

QUESTION 19The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

A. ACKB. SYNC. RSTD. SYN-ACK

Answer: B

QUESTION 20You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

A. SnortB. NmapC. Cain & AbelD. Nessus

Answer: A

QUESTION 21Which of the following will perform an Xmas scan using NMAP?

QUESTION 22Code injection is a form of attack in which a malicious user:

A. Inserts text into a data field that gets interpreted as codeB. Gets the server to execute arbitrary code using a buffer overflowC. Inserts additional code into the JavaScript running in the browserD. Gains access to the codebase on the server and inserts new code